Use the SSLProtocol blacklist approach
It turns out that specifying the ciphers we want to use leads to breakage. So instead we'll explicitly tell Apache which ciphers we don't want to use. Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
This commit is contained in:
parent
6e14e5f9af
commit
a6f9e76ffe
|
@ -60,7 +60,7 @@
|
|||
CustomLog /var/log/httpd/git-access.log combined
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
|
||||
SSLCertificateFile <%= scope.lookupvar("cgit::ssl_cert_file") %>
|
||||
SSLCertificateKeyFile <%= scope.lookupvar("cgit::ssl_key_file") %>
|
||||
|
|
Loading…
Reference in New Issue